pocketbase-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions designed to override agent safety or reveal system prompts were found. Example prompts are educational and standard for development use cases.
- [Data Exposure & Exfiltration] (SAFE): The skill follows security best practices by using environment variables (e.g., process.env.PB_SUPERUSER_PASSWORD) and placeholders (e.g., 'your-secure-password') for all credentials. It provides guidance on secure token management and cookie configuration for SSR (Rules 3.5 and 4.1).
- [Obfuscation] (SAFE): All content is provided in clear, human-readable Markdown and standard code blocks. No Base64, zero-width characters, or hidden Unicode content was detected.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references standard dependencies like the official PocketBase JS-SDK and common polyfills (eventsource). It explicitly warns users about the risks of third-party Docker images and encourages building from official binaries (Rule 8.4).
- [Privilege Escalation] (SAFE): While it discusses superuser capabilities and impersonation (Rule 3.1), these are explained as legitimate administrative features within the PocketBase architecture. Deployment instructions correctly recommend restrictive file permissions (chmod 600) and non-root service execution.
- [Persistence Mechanisms] (SAFE): A standard systemd service unit is provided for legitimate service management on Linux servers. No unauthorized or hidden persistence mechanisms were found.
- [Metadata Poisoning] (SAFE): Skill metadata is consistent with its purpose and contains no deceptive instructions.
- [Indirect Prompt Injection] (SAFE): The skill does not process untrusted external data as part of its operation; it provides static guidance to the agent for code generation tasks. It specifically teaches developers how to avoid injection in their own applications (Rule 4.5).
- [Time-Delayed / Conditional Attacks] (SAFE): No time-based logic or conditional triggers gating malicious behavior were detected.
- [Dynamic Execution] (SAFE): The skill discusses building custom PocketBase binaries with the Go CGO driver (Rule 8.5), but this is presented as a developer task and does not involve runtime execution of untrusted code.